It includes all previous public fixes, new known issues fixes, and also existing functionality improvements for the following components:

Anti-Cryptor

Network Storage Protection

Real-time file protection and the Trusted Zone

Application Startup Control

Kaspersky Security Center integration

Core features and general application settings (including licensing and updating)

New features and improvements

Trusted Zone
settings configuration options have been improved.

Now you can trust the processes with a wider range of the criteria: the application is to trust the processes by the hash sum only, by the path only, or both by the hash sum and the path.
You can manage this setting using the registry key:

The application trusts processes by the path to the executable file only.

2

The application trusts processes by the hash sum of the executable file only.

3

The application trusts processes both by the hash sum and by the path.

The default value is 3. The default value is applied if the key is absent from the Registry.

Protection scope and the scan scope configuring options have been improved Now you can configure processing of the parent container objects when the embedded threat is detected: the application deletes the entire parent container object, if it cannot be modified by the application because its format is supported only for reading.

The application removes parent container object if an embedded threat is detected and if the object is edit-protected.

0

The application does not remove parent container object.

The default value is 0. The default value is applied if the key is absent from the Registry.

The way the Anti-Cryptor handles its task settings has been changed: the mask syntax for the task scope exclusions has been improved. The Anti-Cryptor now uses a “greedy algorithm” when applying masked exclusions: mask matching is checked until the last possible fit to the first symbol that follows mask symbol. For example, if the C:\Temp\*.ext mask is set, the matching will be performed until the last dot.

Examples of commonly used exclusions and how-to-manage tips:

If you want to exclude folder, all its content, all sub-folders and all sub-folders and its content: C:\Temp\*

If you want to exclude one exactly defined file in one exactly defined folder: C:\Temp\Filename.ext

If you want to exclude several files that are attribute-related (e.g., files of a similar extension or files with similar symbols combination in the name) in one exactly defined folder and all its subfolders: C:\Temp\*.ext, C:\Temp\*name.ext, C:\Temp\Filename.ex?

Other useful masks examples:

C:\Temp* The mask excludes all objects, which path begins with a “C:\Temp” combination: e.g., all files on the C: volume, which names begin with “temp”, as well as all objects in the folder, which name begins with “temp”, and in all its subfolders.

C:\Temp1\*\Temp3 The mask excludes all objects in a C:\Temp1\ folder, that have a path finished with a “\Temp3” combination: e.g., are to be excluded objected pathed C:\Temp1\Temp2\Temp3, C:\Temp1\Temp22\Temp3 and/or C:\Temp1\Temp3.
\Temp2 and \Temp22 folders, as well as its content are not to be excluded.

C:\Temp1\*\Temp3\* The mask excludes objects the same way as the C:\Temp1\*\Temp3 mask, and also excludes all objects in a \Temp3 folder and in all its subfolders.

General capabilities for the Anti-Cryptor task have been improved. The inner detection algorithm has been improved in order to increase a number of encryption pattern detected, as well as to reduce the false positive task firings.

The ICAP Network Storage Protection task settings have been expanded. Now you can adjust the memory buffer volume (or the memory threshold) that is to be allocated for the objects anti-virus processing.

The number of memory pages (each page having the size of 64KB), that is allocated for processing an inbound object.

The default value is 2 (128 KB). The default value is applied if the key is absent from the Registry. If the processed object volume does not overcome the allocated memory threshold, the application processes the object without addressing the media (hard drive). That is the hard memory loading is to be dramatically decreased and an overall performance index is to be highly improved as far as the large number of small files are processed with a greater speed.
You can change the temporary folder path that is set by default. The temporary folder is used by the ICAP Network Storage Protection component to store the enqueued objects for anti-virus scanning on a hard drive. Hard temporary folder contains only objects which volume overcomes the operation memory threshold.
You can manage this setting using the registry key:

General capabilities of the ICAP Network Storage Protection task have been improved. The new software versions for the Hitachi Data Systems are now supported.

The outbound network requests algorithm has been improved. The application does not use WPAD protocol anymore, either including performing updates, connecting to the KSN services, and activating the application via an activation code.

Fixed issues

Core functionality. The errors that caused problems with real-time and anti-crypting protection on the overloaded file servers have been fixed: the resources consumption has been optimized for cases when processing of the large data volume is required.

Core functionality. The error that caused compatibility problems when working with the Symantec Enterprise Vault has been fixed. The error provoked false (as well as strictly prohibited by the user) recalls for the HSM-stored files.

Core functionality. The error that caused extra-resources consumption on the file servers with a high level of user activity has been fixed: the logged-in users cached data processing has been optimized.

The ICAP-client integration. The error that caused the application dead loop while working with some types of clients connected via ICAP has been fixed.

The RPC Network Storage Protection task. The error that caused the task dead loop while working with the NetApp storages in a 7-Mode has been fixed.

The Host Blocker task. The error fixed that caused untrusted hosts unblocking after a random time period has been fixed: the real unblocking time did not synchronize with the setting configured for the untrusted hosts list.

The Applications Launch Control task. The error that caused incorrect name devise for a script launched, as well as problems with an application launch processing via the command line have been fixed.

Licensing. The error that caused anti-virus bases updates inability after unsuccessful license state synchronization has been fixed. The problem occurred after month since the activation using the activation code via Kaspersky Security Center Proxy.

The Trusted Zone. The error that caused problems with processing of long paths (over 255 symbols) has been fixed.

The Trusted Zone. The error that caused subfolders going missing when the exclusions are set via the masks.

The Kaspersky Security Center integration and KSN. The error that caused incorrect address selecting in case of multiple addresses income to KSN Proxy from the Kaspersky Security Center has been fixed.

The Kaspersky Security Center integration. The error that caused incorrect update state attributing to a protected server in the Administration Server console has been fixed.

The Base Update and the Software Module Update tasks. The error that caused task failure when the memory optimization failed because the RAM-disk had not been created successfully has been fixed: if the RAM-disk creation is unavailable, the application starts updating without memory usage optimization.

The Base Update task. The error that caused anti-virus bases update tasks failure has been fixed.

Common functionality. The error that caused wrong tasks scheduling has been fixed, including the following scenarios:

Weekly schedule now works properly.

The tasks start randomization algorithm improved in order to increase variance.

Known issues

Structural defects in the application log files, that are caused by overgrown logs volume, may lead to a problem with the critical fix installation. Please use the KAVSHELL VACUUM command to perform log files defragmentation and fix possible structural defects.

Kaspersky Lab specialists might only be able to provide limited technical support if the application is installed on an operating system in the Windows Server 2003 family, as Microsoft no longer supports Windows Server 2003 operating systems.

You can install Kaspersky Security on the following terminal servers:

Windows 2008 Server Microsoft Remote Desktop Services

Windows 2008 Server R2 Microsoft Remote Desktop Services

Windows 2012 Server Microsoft Remote Desktop Services

Windows 2012 Server R2 Microsoft Remote Desktop Services

Windows 2016 Server Microsoft Remote Desktop Services

Citrix® XenApp® 6.0, 6.5, 7.0, 7.5 - 7.9, 7.15

Citrix XenDesktop® 7.0, 7.1, 7.5 - 7.9, 7.15

Server requirements (for version 10.0.0.486)

Before installing Kaspersky Security 10 for Windows Servers, remove third-party antivirus software from the server.
Kaspersky Security 10 for Windows Servers can be installed on top of Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition.

Server hardware requirements

General requirements:

x86-64-compatible single- and multiprocessor systems

Hard disk space:

70 МB required for installation of all product components.

2 GB recommended for databases download and storage.

400 MB recommended for quarantine and backup storage.

1 GB recommended for log files storage.

Minimum configuration:

1 Сore 1.4 GHz processor

1 GB RAM

4GB of free disk subsystem space

Recommended configuration:

4 Сore 2.4 GHz processor

2 GB of RAM

4GB of free disk subsystem space

Software requirements

For the installation and correct performance of Kaspersky Security Console, Microsoft Windows Installer 3.1 must be installed.

You can install the Kaspersky Security Console on a server running one of the following 32-bit Microsoft Windows operating sysems:

Kaspersky Lab specialists might only be able to provide limited technical support if the application is installed on an operating system in the Windows Server 2003 family, as Microsoft no longer supports Windows Server 2003 operating systems.

Console requirements (for version 10.0.0.486)

Нardware requirements

128 MB available RAM (recommended) or more

30 MB free disk space

Software requirements

For the installation and correct performance of Kaspersky Security Console, Microsoft Windows Installer 3.1 must be installed.

You can install the Kaspersky Security Console on a computer running one of the following 32-bit Microsoft Windows operating sysems:

Windows Server 2008 Standard / Enterprise / Datacenter SP1 and later

Microsoft Windows XP Professional SP2 and later

Microsoft Windows Vista® Editions

Microsoft Windows 7 Editions

Microsoft Windows 8

Microsoft Windows 8 Enterprise / Professional

Microsoft Windows 8.1

Microsoft Windows 8.1 Enterprise / Professional

Microsoft Windows 10 Enterprise / Professional

You can install the Kaspersky Security Console on a computer running one of the following 64-bit Microsoft Windows operating sysems: